research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's hard constraint "必须联网检索最新数据与新闻" and the Data Appendix requirement "所有数据源与链接" explicitly require fetching and using open/public third‑party news/data as inputs, which the agent must read and use to drive trading decisions (e.g., conclusions, triggers, and execution plans), exposing it to untrusted third‑party content that could contain indirect prompt injections.